CVE-2017-8836

CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute commands, if a logged in user visits a malicious website. This can for example be used to change the credentials of the administrative webinterface.

CVSS v3 8.8 HIGH
CVSS v2.0 6.8 MEDIUM

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://seclists.org/bugtraq/2017/Jun/1	Mailing List Third Party Advisory
https://www.exploit-db.com/exploits/42130/
https://www.x41-dsec.de/lab/advisories/x41-2017-005-peplink/	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:h:peplink:balance_305:-:*:*:*:*:*:*:*

cpe:2.3:o:peplink:b305hw2_firmware:7.0.1:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:h:peplink:balance_380:-:*:*:*:*:*:*:*

cpe:2.3:o:peplink:380hw6_firmware:7.0.1:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:h:peplink:balance_580:-:*:*:*:*:*:*:*

cpe:2.3:o:peplink:580hw2_firmware:7.0.1:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:h:peplink:balance_710:-:*:*:*:*:*:*:*

cpe:2.3:o:peplink:710hw3_firmware:7.0.1:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:h:peplink:balance_1350:-:*:*:*:*:*:*:*

cpe:2.3:o:peplink:1350hw2_firmware:7.0.1:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:h:peplink:balance_2500:-:*:*:*:*:*:*:*

cpe:2.3:o:peplink:2500_firmware:7.0.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-06-05 14:29

Updated : 2017-08-13 01:29

NVD link : CVE-2017-8836

Mitre link : CVE-2017-8836

CVE.ORG link : CVE-2017-8836

JSON object : View

Products Affected

peplink

balance_380
2500_firmware
1350hw2_firmware
380hw6_firmware
balance_305
balance_710
balance_1350
balance_2500
b305hw2_firmware
balance_580
580hw2_firmware
710hw3_firmware

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2017-8836", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2017-06-05T14:29:00.450", "references": [{"url": "http://seclists.org/bugtraq/2017/Jun/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/42130/", "source": "cve@mitre.org"}, {"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-005-peplink/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute commands, if a logged in user visits a malicious website. This can for example be used to change the credentials of the administrative webinterface."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de tipo CSRF en dispositivos Peplink Balance 305, 380, 580, 710, 1350 y 2500 con versi\u00f3n de firmware anterior a fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. Los scripts CGI en la interfaz administrativa est\u00e1n afectados. Esto permite que un atacante ejecute comandos, si un usuario ha iniciado sesi\u00f3n visita un sitio web malicioso. Esto puede ser usado, por ejemplo, para cambiar las credenciales de la interfaz web administrativa."}], "lastModified": "2017-08-13T01:29:22.397", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:peplink:balance_305:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C9CB13A7-2179-46F5-9305-40AFBDE3F0F7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:peplink:b305hw2_firmware:7.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C934DEA3-D52B-4780-9DB1-DB0892AC5F81"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:peplink:balance_380:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "277BC849-D50C-407D-8A05-CA81E9742AA0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:peplink:380hw6_firmware:7.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3AF409A3-1B36-4F46-A1CC-AFBEFA517201"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:peplink:balance_580:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CD7DF9BE-5519-40CF-832F-DC1FE0913973"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:peplink:580hw2_firmware:7.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E44985F4-9377-41F4-BE49-B9E65A5FD9FF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:peplink:balance_710:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6D5E9E4F-7786-4A7A-A04D-AB9DB420703A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:peplink:710hw3_firmware:7.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "584B6897-48D1-4618-9343-43AC251CD691"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:peplink:balance_1350:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BF8E6365-21EB-487B-8739-5DC7512CF01B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:peplink:1350hw2_firmware:7.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6FD22ED-88A6-44E3-A99D-3236D4E6E6B1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:peplink:balance_2500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D5058786-C405-4524-BD0C-0F08CB20C580"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:peplink:2500_firmware:7.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA09E6C0-B9D3-4E65-AFC2-A517040B2DE0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}

8.8 /10